[PLUG] Cheesy Postgrey/Mailman whitelist hack

plug_0 at robinson-west.com plug_0 at robinson-west.com
Thu Mar 2 06:51:23 UTC 2006


Quoting Keith Lofstrom <keithl at kl-ic.com>:

> 
> A couple of weeks ago, I proposed a way to whitelist email addresses
> for real people that were being stopped by Postgrey.  That method
> involved a special webpage where folks could enter their email
> address, and get added to the whitelist.  I've been ruminating on
> that, and all the good feedback I got from the PLUG list.
> 
> I thought of an easier hack.  There are five Mailman mailing lists on
> my server;  the folks that are using the mailing lists might also
> encounter Postgrey problems.  The Mailman administration command
> "list_members <group>" emits the email addresses of all the folks
> that are on mail list "group".  So instead of constructing an
> ad-hoc kludge based on a web page,  I hope to use Mailman as an
> address entry engine instead.  
> 
> I have created a new mailman list named "allow".  Folks having
> problems getting through Postgrey can sign up for this zero-traffic
> moderated list.  Any time a person signs up for the allow list, as
> well as at a time specified by cron, this triggers an email to
> user "allow" which kicks off a script that runs list_members for
> all the groups and builds a new whitelist for Postgrey.  
> 
> This Mailman based-approach is easier and probably more secure than
> trusting my own ability to construct a webpage and authenticate
> an address.  This approach whitelists all the members of the real
> mailing lists, too.  I have not had problems with bad guys signing
> up for Mailman (so far), and Mailman has methods for blacklisting
> the bad guys.  If Mailman starts being abused by the black hats,
> new versions will rapidly close those holes.  
> 
> Suggestions?
> 
> Keith

Are there any postfix friendly or better yet MTA neutral alternatives
to mailman?

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/



More information about the PLUG mailing list